BinAC/Login: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
No edit summary
Line 3: Line 3:
After registration (registration procedure at [[bwForCluster User Access]], the bwForCluster BinAC can be accessed via a Secure Shell like <tt>ssh</tt> on Linux and Mac or <tt>PuTTY</tt> on Windows systems.
After registration (registration procedure at [[bwForCluster User Access]], the bwForCluster BinAC can be accessed via a Secure Shell like <tt>ssh</tt> on Linux and Mac or <tt>PuTTY</tt> on Windows systems.


== TOTP Second Factor ==
From linux machines, you can log in using
Install a TOTP (time-based one-time password) app to your mobile device such as Google, Microsoft, andOTP, Aegis, FreeOTP, or Yubico Authenticator. These apps work very similar and allow you to scan a QR code containing a secret key used for the TOTP password generation.


Connect to the QR code server, e.g. ssh tu_iis4711@c2fa.binac.uni-tuebingen.de and enter your username and password. The QR code displayed on screen must be scanned with your authenticator app. Note, the QR code is only displayed once. If you need a new QR code , please contact us (hpcmaster@uni-tuebingen.de) to reset the procedure.
ssh <UserID>@login01.binac.uni-tuebingen.de
Your authenticator app now displays a 6-digit number which changes every 30 seconds, representing the second factor required for the login to BinAC.
ssh <UserID>@login02.binac.uni-tuebingen.de
ssh <UserID>@login03.binac.uni-tuebingen.de


== Login ==
To run graphical applications, you can use the -X or -Y flag to openssh:
You may use the nodes login01.binac.uni-tuebingen.de and login02.binac.uni-tuebingen.de to access the BinAC e.g. ssh <UserID>@login01.binac.uni-tuebingen.de or ssh <UserID>@login02.binac.uni-tuebingen.de. You will be asked for the 6-digit second factor and afterwards for username and password.

If you mistype the password after entering the correct 6-digit second factor you have to wait for 30 seconds till a new second factor is generated, as it is truly a time-based one-time password and cannot be used again.
ssh -Y -l <UserID> login01.binac.uni-tuebingen.de
ssh -Y -l <UserID> login02.binac.uni-tuebingen.de
ssh -Y -l <UserID> login03.binac.uni-tuebingen.de

For better performance on slow connections you should use e.g. [[VNC]].


== SSH Keys (optional) ==
You may use SSH keys to access the login nodes. It is mandatory to secure your private key with a password. Place your public key into ~/.ssh/authorized_keys and take care about line breaks.
If you are using services which require automated password less login, contact us hpcmaster@uni-tuebingen.de. We are working on appropriate solutions and will adopt them individually.


== About UserID / Username ==
== About UserID / Username ==

Revision as of 10:22, 16 July 2020

Login

After registration (registration procedure at bwForCluster User Access, the bwForCluster BinAC can be accessed via a Secure Shell like ssh on Linux and Mac or PuTTY on Windows systems.

TOTP Second Factor

Install a TOTP (time-based one-time password) app to your mobile device such as Google, Microsoft, andOTP, Aegis, FreeOTP, or Yubico Authenticator. These apps work very similar and allow you to scan a QR code containing a secret key used for the TOTP password generation.

Connect to the QR code server, e.g. ssh tu_iis4711@c2fa.binac.uni-tuebingen.de and enter your username and password. The QR code displayed on screen must be scanned with your authenticator app. Note, the QR code is only displayed once. If you need a new QR code , please contact us (hpcmaster@uni-tuebingen.de) to reset the procedure. Your authenticator app now displays a 6-digit number which changes every 30 seconds, representing the second factor required for the login to BinAC.

Login

You may use the nodes login01.binac.uni-tuebingen.de and login02.binac.uni-tuebingen.de to access the BinAC e.g. ssh <UserID>@login01.binac.uni-tuebingen.de or ssh <UserID>@login02.binac.uni-tuebingen.de. You will be asked for the 6-digit second factor and afterwards for username and password. If you mistype the password after entering the correct 6-digit second factor you have to wait for 30 seconds till a new second factor is generated, as it is truly a time-based one-time password and cannot be used again.

SSH Keys (optional)

You may use SSH keys to access the login nodes. It is mandatory to secure your private key with a password. Place your public key into ~/.ssh/authorized_keys and take care about line breaks. If you are using services which require automated password less login, contact us hpcmaster@uni-tuebingen.de. We are working on appropriate solutions and will adopt them individually.

About UserID / Username

<UserID> of the ssh command is a placeholder for your username at your home organization and a prefix denoting your organization. Prefixes and resulting user names are as follows:

Site Prefix Username
Freiburg fr fr_username
Heidelberg hd hd_username
Hohenheim ho ho_username
Karlsruhe ka ka_username
Konstanz kn kn_username
Mannheim ma ma_username
Stuttgart st st_username
Tübingen tu tu_username
Ulm ul ul_username

Allowed activities on login nodes

The login nodes are the access point to the compute system and its $HOME directory. The login nodes are shared with all the users of the cluster. Therefore, your activities on the login nodes are limited to primarily set up your batch jobs. Your activities may also be:

  • compilation of your program code and
  • short pre- and postprocessing of your batch jobs.

To guarantee usability for all the users of the bwForCluster you must not run your compute jobs on the login nodes. Compute jobs must be submitted as Batch Jobs. Any compute job running on the login nodes will be terminated without any notice.


Password Reset

If you forgot your password for the bwForCluster BinAC you can set a new one on the BinAC service page. Just use the link in the "bwForCluster BinAC" service box.

Further reading